Stration/Warezov Virus: Agonizing Defeat for Anti-Virus Solutions
November 13 2006 - 7:01AM
Business Wire
Speeding across
the Internet and transforming at an unprecedented pace, the
email-borne Stration malware continues to evade detection by
leading anti-virus solutions, reported Commtouch (Nasdaq:CTCH).
"Stration attacks in a multi-variant, multi-wave pattern that peaks
on average every three days. By continuously changing from one form
to the next, it slips past anti-virus engines before the vendors
can develop new signatures or modify the heuristics," said Haggai
Carmon, Commtouch Vice President of Products, head of its Virus
Outbreak Detection (VOD) Lab and author of the new Malware Outbreak
Trend Report: Stration/Warezov. "To date, Commtouch has detected
and blocked 636 distinct variants of the Stration virus, and at its
peak, 185 distinct variants in a single day," he continued.

Stration is so fast that it is pummeling anti-virus solutions based
on signatures or heuristics. The top AV engines lag behind the
variants, updating their signatures on average between three and 10
hours after the outbreak begins. During this time, several new
variants have already appeared, leaving customers who rely solely
on these traditional anti-virus solutions exposed to the threats
for hours or even days.

Zero Hour(TM) AV Complements Traditional AV

Traditional AV solutions work by either applying heuristic filters
or by writing signature updates for each new threat. Signatures and
heuristics are typically designed to protect against a specific
malware variant or group of variants, so once the malicious code
changes, the race is on again. Pre-emptive AV solutions based on
real-time outbreak detection complement traditional AV solutions by
protecting in the initial hours of an outbreak before signatures
become available.

"Malicious code like Stration moves at breakneck
speed and can do massive damage in just one hour," said Michael
Osterman, Principal of Osterman Research, a messaging research
firm. "To protect against email-borne viruses you must be able to
detect outbreaks as they occur, in real time. As viruses get
smarter and faster, every second counts."

"Even the best AV engine
leaves a window of vulnerability," said Jae Roh, Product Line
Manager at Mirapoint, a leading secure messaging appliance vendor.
"For this reason we offer our customers email defense with both
traditional signature-based AV and our pro-active 'Rapid AV' for
Zero-Hour virus outbreak protection. In this way we are sure to
protect our customers against new viruses and other forms of
malicious code during the critical first hours of a virus
outbreak."

Commtouch Zero-Hour Virus Outbreak Protection detects
and blocks email-borne malware outbreaks, like the multiple
Stration variants, within moments of their appearance on the
Internet. Leading messaging and AV vendors license Commtouch
technology to complement traditional AV technologies.

Stration Background

Stration (also known as Stratio or Warezov) is still
going strong two months after it was first distributed around the
world as a massive email-borne malware attack. Once the active code
infects a computer, it establishes contact with a website where it
downloads malicious software. It then installs the malware and
searches for email addresses on the infected computer and spams
itself to more email users. Some have suggested that Stration may
have been a significant factor in the recent spike in total spam
worldwide. On November 6 Commtouch labs detected an all-time high
of over 4.3 million distinct spam outbreak patterns in a single
24-hour period.

Detection of Stration is hampered by reliance on
content-based technology that is fooled by the malware's ability to
randomly regenerate multiple characteristics of the carrier-email.
Thus far it has generated 814 (and counting) distinct subject
messages and 23,954 file attachment names. Every characteristic is
constantly changing: sender IP, name, message subject and body, and
the malicious code itself.

Stration Data Summary (as of November 11, 2006)

----------------------------------------------------------------------
Description                          Multi-variant, multi-wave
                                     email-borne worm; each wave lasts
                                     several days
----------------------------------------------------------------------
Status                               in progress
----------------------------------------------------------------------
Distinct variant count               636
----------------------------------------------------------------------
Distinct subject string count        814
----------------------------------------------------------------------
Sample subjects                      error mail transaction failed
                                     status hello picture good day
                                     server report this must be seen
                                     by everyone. livan war real
                                     pictures. this is not shown on
                                     tv.
----------------------------------------------------------------------
Distinct malware archive file count  18,188
----------------------------------------------------------------------
Sample archive file names            update-kb9953-x86.zip docs.zip
                                     test.zip data.zip body.zip
                                     document.zip message.zip
                                     picture2375.zip readme.zip
                                     text.zip
----------------------------------------------------------------------
Distinct malware file name count     23,954
----------------------------------------------------------------------
Sample malware file names            update-kb9328-x86.exe
                                     docs.txt.exe text.log.scr
                                     readme.txt.scr test.elm.bat
                                     data.txt.cmd doc.log.cmd
                                     message.log.exe readme.log.cmd
                                     body.msg.cmd
----------------------------------------------------------------------

Additional data -- including statistics about leading AV engines
-- is available in Commtouch's Malware Outbreak Trends Report:
Stration/Warezov, available from the Commtouch Virus Outbreak
Detection Lab at
http://www.commtouch.com/downloads/Stration-Warezov_MOTR.pdf.

About Commtouch

Commtouch Software Ltd. (NASDAQ:CTCH) is dedicated to
protecting and preserving the integrity of the world's most
important communications tool -- e-mail. Commtouch has over 15
years of experience developing messaging software and is a global
developer and provider of proprietary anti-spam and Zero-Hour virus
protection solutions. Using core technologies including RPD
(Recurrent Pattern Detection(TM)), the Commtouch Detection Center
analyzes billions of email messages per month to identify new spam
and malware outbreaks within minutes of their introduction into the
Internet. Integrated by more than 50 OEM partners, Commtouch
technology protects thousands of organizations, with over 50
million users in over 100 countries. Commtouch is headquartered in
Netanya, Israel, and has a subsidiary in Mountain View, Calif.

For more information, see: www.commtouch.com. The site includes the
Commtouch online lab detailing spam statistics and charts.

Recurrent Pattern Detection, RPD and Zero-Hour are trademarks, and
Commtouch is a registered trademark, of Commtouch Software Ltd.
U.S. Patent No. 6,330,590 is owned by Commtouch.